CN109688243B - Sensing node IPv6 address allocation method based on trusted identity - Google Patents

Publication number
CN109688243B
Authority
CN
China
Legal status
Active
Application number
CN201910077755.4A
Other languages
Chinese (zh)
Other versions
CN109688243A (en)
Inventor
陈俊华
王艺锦
王平
史桐桐
上官鹏飞
Current Assignee
Chongqing University of Post and Telecommunications
CERNET Corp
Original Assignee
Chongqing University of Post and Telecommunications
CERNET Corp
Application filed by Chongqing University of Post and Telecommunications, CERNET Corp
Priority to CN201910077755.4A
Publication of CN109688243A
Application granted
Publication of CN109688243B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5046 Resolving address allocation conflicts; Testing of addresses
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention belongs to the technical field of the Internet of Things and communication, and particularly relates to a sensing node IPv6 address allocation method based on a trusted identity. The method comprises: combining sensing node identity information based on OID technology with a signed temporary identity address, and generating the interface ID of an IPv6 address through a compression operation; allocating to the sensing node, through an improved stateless automatic configuration mode, an IPv6 global address that can be used for whole-network communication; and having the communication party of the sensing node obtain the identity information from the interface ID in the sensing node's IPv6 address, verify the signature, and thereby verify the authenticity of the identity information. The invention not only realizes the mapping between the sensing node identity and the IPv6 address in the 'everything interconnection' network, but can also verify the authenticity of the sensing node identity, thereby identifying counterfeit sensing node equipment in the network, ensuring communication security, and protecting the rights and interests of legitimate sensing node equipment manufacturers.

Description

Sensing node IPv6 address allocation method based on trusted identity
Technical Field
The invention belongs to the technical field of the Internet of Things and communication, and particularly relates to a sensing node IPv6 address allocation method based on a trusted identity.
Background
The Internet of Things identifier is the unique and effective identification and coding of a networked object. It identifies the object in the information network, enables the integration, sharing, management and control of object information, and is a prerequisite for large-scale deployment and operation of Internet of Things applications and services. At present, as sensor networks are applied ever more widely in various fields and the deployment scale of sensor network node equipment keeps growing, the construction of a sensor network identification system is the basis for realizing the interconnection of everything, a premise for deploying and building sensor network applications in various industries, and a necessary condition for interconnection and intercommunication of a large number of sensing nodes, tracing of sensing node information, and fault tracking.
Based on differences in identification target, application scenario and technology, Internet of Things identifiers are divided into three categories: communication identifiers, object identifiers and application identifiers. The communication identifier identifies network nodes with communication capability in the Internet of Things, such as the IPv4 and IPv6 addresses of communication equipment. Because the number of IP addresses required by the massive node equipment in a sensor network is very large, IPv4 cannot meet the requirement; IPv6 has rich address resources and can guarantee that all node equipment obtains a globally unique address in the future, so IPv6 is an inevitable choice for the development of sensor networks. The object identifier identifies a sensed physical or logical object in the Internet of Things. Various related coding and identification technologies (such as EPC, Handle and OID) currently coexist, among which the OID (object identifier) identification system proposed by ISO/IEC and ITU (international standardization organization) has the advantages of flexible layering and strong extensibility and is the most widely applied. The national standard "Information technology sensor network Part 501: Marking: Sensing node identifier compiling rule" (GB/T 30269.501-2014), issued and implemented in China, specifies that the sensing node adopts an identity identification technology based on the OID system; the national standard "Information technology sensor network Part 503: Marking: Sensing node identifier registration procedure" (GB/T 30269.503-2017) specifies the process by which a sensing node equipment manufacturer applies to the authority management organization for an OID identification code.
This series of national standards provides guidance for the construction of the sensing node identification management system in the Internet of Things.
After a sensing node is deployed in the Internet of Things, the sensing node equipment has at least two types of identifiers: a communication identifier (the IP address) and an object identifier (the OID identity identifier). To map and associate the IP address of a sensing node with its OID identifier, several solutions have been proposed in the industry; most of them maintain a mapping table between sensing node IP addresses and OID identifiers on a router or server in the network, binding the two for subsequent tracing and management of sensing node equipment information. Such schemes make the sensing node identification management system complex and costly to build.
RFC 4291, IP Version 6 Addressing Architecture, defines the format of the IPv6 unicast address, in which an interface ID (interface identifier) identifies a link interface of a communication object and is constructed in the modified EUI-64 format. RFC 4862, IPv6 Stateless Address Autoconfiguration, defines the stateless address autoconfiguration process of IPv6, in which the IPv6 address of a sensing node is generated from a prefix and an interface ID; the prefix is obtained from a Router Advertisement (RA) message on the same network segment, and the interface ID usually comes from the local Media Access Control (MAC) address. If the identity of the sensing node is used directly as the interface ID and the sensing node accesses the network by stateless address autoconfiguration, the identity of the sensing node is bound to its IP address. However, this method causes security problems: any communication party in the network that obtains the IPv6 address of the sensing node can parse out its OID identification information, a dishonest manufacturer or individual can manufacture fake sensing node equipment with the same OID identifier, and once such equipment has joined the network a communication party cannot determine the authenticity of the identifier from the IPv6 address alone.
Therefore, a simple, efficient and credible method is needed that can not only realize the mapping between the OID identity of the sensing node and the IPv6 address, but also verify the authenticity of the sensing node identity.
Disclosure of Invention
Based on the problems in the prior art, the invention provides a sensing node IPv6 address allocation method based on a trusted identity. It aims to realize mutual mapping between the IPv6 address and the identity of a sensing node in a sensor network, guarantee the authenticity of the identity of sensing node equipment through an effective identity verification method, and identify counterfeit sensing node equipment in the network.
Based on the standard specifications for IPv6 address allocation, the patent provides a method for embedding the OID identification information of a sensing node into its IPv6 address, so that a communication party of the sensing node can obtain the OID identification information from the IPv6 address. This reduces the complexity and construction cost of the existing sensor network identification system and greatly simplifies the management and maintenance of sensing node identification information.
The invention discloses a sensing node IPv6 address allocation method based on a trusted identity which, as shown in FIG. 1, comprises the following steps:
S1, determining 64-bit sensing node identity information (SNID for short) based on an identification system, taking it as the temporary interface ID of the sensing node, combining a 64-bit link-local prefix with the 64-bit temporary interface ID to form a local temporary identity address, performing duplicate address detection on the local temporary identity address, and using it for network access after it passes the detection;
the sensing node identity uniquely identifies the sensing node equipment for network access communication; it adopts the "sensing node identity identifier" defined in the national standard "Information technology sensor network Part 501: Marking: Sensing node identifier compiling rule", which is coded into 64 bits, comprising a 24-bit manufacturer code and a 40-bit product code, and conforms to the OID identification system.
S2, the sensing node sends a Router Solicitation message (RS) to the all-routers multicast address; the 64-bit network prefix in the Router Advertisement message (RA) acquired after network access is combined with the 64-bit sensing node identity information to form a temporary identity address, and the temporary identity address is signed by a signature operation;
S3, combining the ciphertext produced by the signature operation in S2 with the sensing node identity information, compressing the result into a fixed 64-bit message through a specified compression algorithm, attaching the message to the link local prefix to form a temporary link local address, performing duplicate address detection, and taking the compressed 64-bit message as the interface ID of the sensing node after the detection is passed;
S4, combining the sensing node interface ID with the 64-bit link local prefix to configure an IPv6 link local address, and configuring an IPv6 global address from the sensing node interface ID and the 64-bit network prefix;
In order to better confirm the identity of the sensing node, verify the authenticity of its identity and ensure credibility, the invention also adopts step S5: the communication party of the sensing node decompresses the interface ID in the sensing node's IPv6 address, determines the corresponding sensing node identity information, and verifies the signature, thereby judging the authenticity of the sensing node identity information.
Further, the signature operation is an encryption process that uses the manufacturer's private key; a random number is input as padding during the signature operation, and different input random numbers yield different signature ciphertexts, thereby satisfying the randomness of the ciphertext. The signature verification process is a decryption process that uses the manufacturer's public key.
Optionally, the manufacturer private key and the manufacturer public key are managed by an identification management mechanism; the manufacturer private key is embedded in the sensing node device when it leaves the factory and is kept secret from the outside, and the manufacturer public key is made public by the identification management mechanism.
Preferably, the random number can be randomly generated by the server; the length of the random number generated each time is not fixed, preferably 128 bits or 256 bits, and because the length is not fixed the anti-counterfeiting effect can be enhanced.
In the invention, the signature operation can be carried out using the MD5 algorithm or the A8 algorithm, or using other algorithms; the length of the signature operation is preferably 128 bits or 256 bits, and other lengths can also be generated.
Further, the duplicate address detection (DAD) in step S1 includes: if a collision of the local temporary identity address is detected, configuring a local temporary identity address for the sensing node; otherwise, the sensing node interface is not available.
The sensing node interfaces referred to in the invention are all network access interfaces of sensing node equipment.
Further, the duplicate address detection in step S3 includes: if the sensing node interface does not receive a legitimate Neighbor Advertisement (NA) message, the prefix sensing node identity information address is proved to be unique on the local link and is allocated to the node as its link local address; if a legitimate NA message is received, the address is proved not to be unique on the local link. If the address is not unique on the local link, step S1 is reset, the input random number used in the signature operation is replaced to obtain a new temporary link local address, and duplicate address detection continues until the address passes.
Further, step S4 includes: after the IPv6 link local address is successfully configured, replacing the link local prefix with the 64-bit network prefix in the Router Advertisement (RA) message to generate a global address, and allocating the global address to the sensing node for global network communication.
Further, the method of verifying the signature to verify the authenticity of the identity information is as follows: a manufacturer public key is obtained from the sensing node identification management mechanism, and a signature verification operation is performed on the address ciphertext of the signed temporary identity address; if a temporary identity address with the correct format is obtained, that is, one comprising the correct network prefix and the sensing node identity SNID, the authenticity of the sensing node identity is proved.
Furthermore, the signature verification operation can verify the authenticity of the sensing node identity because the manufacturer private key used when the sensing node signs the address is stored securely in the sensing node equipment when it leaves the factory, is not public and cannot be acquired by others; the sensing node therefore cannot deny the signed message, and others cannot forge the signature of the message. If the communication party verifies the signature with the manufacturer's public key and obtains a temporary identity address with the correct format, this proves that the identity of the sensing node has not been falsified, so the interface ID carrying the sensing node identity information cannot be falsified. If a counterfeit sensing node directly copies the signed temporary identity address ciphertext, an IP address conflict will occur, causing it to be recognized in the local area network, so the authenticity of the sensing node identity is effectively ensured.
Optionally, the compression algorithm and the decompression algorithm are algorithms published by the sensing node identification management mechanism, such as LZW, LZO, LZMA, LZSS, LZR, LZB, LZH, LZC, LZT, LZMW, LZJ, LZFG, and the like.
The invention has the beneficial effects that:
The invention designs a sensing node IPv6 address allocation method based on a trusted identity, which brings an IPv6 address carrying the sensing node identity into the network by stateless address autoconfiguration, realizes the mapping between the sensing node identity and the IPv6 address, and provides a method for effectively verifying the authenticity of the sensing node identity. This not only ensures the confidentiality of the identity of the sensing node joining the network, but also prevents dishonest users or manufacturers from stealing the identity and ensures the authenticity of the sensing node identity information.
Drawings
FIG. 1 is a flow chart of a method employed in the present invention;
FIG. 2 is a communication model architecture diagram of a preferred embodiment of the present invention;
FIG. 3 is a schematic diagram of an encoding structure of a sensing node identification SNID used in the present invention;
FIG. 4 is a schematic diagram of a local temporary identity address coding structure used in the stateless address auto-configuration of a sensor node according to the present invention;
FIG. 5 is a schematic diagram of an address encoding structure of a temporary identity identifier used in the stateless address auto-configuration of a sensor node according to the present invention;
FIG. 6 is a schematic diagram of a process for generating an IPv6 global address code of a sensor node according to the present invention;
FIG. 7 is a schematic flow chart of configuring, by stateless address auto-configuration, an IPv6 link local address and a global address carrying the identity information of a sensing node for a sensing node interface according to the present invention;
FIG. 8 is a schematic diagram of a process of obtaining identity information from an IPv6 global address through parsing and verifying the identity thereof according to the present invention;
FIG. 9 is a schematic flow chart of a communication party obtaining identity information from an IPv6 global address of a sensing node and verifying the authenticity of the identity in the communication model according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly and completely apparent, the technical solutions in the embodiments of the present invention are described below with reference to the accompanying drawings, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
The communication model adopted in this embodiment is shown in FIG. 2. The sensing node device generates a unique interface ID using the method proposed in the invention and accesses the network by stateless address autoconfiguration; when a communication party communicates with the sensing node, it obtains the identity of the sensing node by decoding the interface ID of the IPv6 address and verifies the authenticity of that identity. In FIG. 2, a gateway connects an IPv6 sensor network and an IPv6 Ethernet. Access devices under the same router belong to the same local link; sensing nodes under the same local link, or sensing nodes and other communication devices, can communicate using their respective link local addresses, while devices outside the local link need to communicate using IPv6 global addresses. In this embodiment, the communication party and the sensing node communicate using their respective IPv6 global addresses.
The sensing node identity coding structure used in the invention is shown in FIG. 3. It adopts the "sensing node identity identifier" defined in the national standard "Information technology sensor network Part 501: Marking: Sensing node identifier compiling rule", coded into 64 bits (a 24-bit manufacturer code and a 40-bit product code), as the SNID code that uniquely identifies the sensing node, i.e., the sensing node identity information of the invention.
The coding structure of the local temporary identity address used in the invention is shown in FIG. 4; it consists of a 64-bit link local prefix and the 64-bit sensing node identity SNID. This address applies no security measures to the sensing node identity information and its security is low; after the sensing node acquires the address prefix information in the Router Advertisement and regenerates the interface ID, the local temporary identity address is discarded.
The coding structure of the temporary identity address used in the invention is shown in FIG. 5; it consists of a 64-bit network prefix obtained from a router's RA message and the 64-bit sensing node identity SNID. The sensing node signs this address to generate the interface ID part of a trusted IPv6 address.
In this embodiment, the 64-bit identity SNID of the sensing node is "101699FE1021807F" in hexadecimal notation. The identity is appended to the link local prefix FE80::/64 to form the local temporary identity address FE80::1016:99FE:1021:807F, which must pass DAD detection.
Before DAD starts, the sensing node joins the all-nodes multicast group (FF02::1) and the solicited-node multicast group. The sensing node sends a Neighbor Solicitation (NS) whose target address is the local temporary identity address being detected, whose IP source address is the unspecified address (all zeros), and whose IP destination address is the solicited-node multicast address. If the solicitation receives no response, the local temporary identity address is unique on the local link; once a legitimate Neighbor Advertisement (NA) is received on the interface, the address is not unique on the local link, and the address of the sensing node must be configured separately.
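The following Python example is added here and is not part of the patent. It reproduces the embodiment's values: it splits the SNID into its 24-bit manufacturer code and 40-bit product code, builds the local temporary identity address, derives the Neighbor Solicitation fields used for DAD, and shows that any party holding an address built directly from the SNID can read the identity back out of it. The global prefix 2001:db8:1:2::/64, the Neighbor Advertisement targets and all function names are assumptions constructed for illustration.

```python
from __future__ import annotations

import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")
EMBODIMENT_SNID = 0x101699FE1021807F  # SNID given in the embodiment
# Constructed documentation prefix standing in for the prefix learned from an RA.
SAMPLE_GLOBAL_PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")


def split_snid(snid: int) -> tuple[int, int]:
    """Return (24-bit manufacturer code, 40-bit product code) of a 64-bit SNID."""
    if not 0 <= snid < (1 << 64):
        raise ValueError("SNID must be a 64-bit value")
    return snid >> 40, snid & ((1 << 40) - 1)


def make_address(prefix: ipaddress.IPv6Network, interface_id: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface ID."""
    if prefix.prefixlen != 64:
        raise ValueError("prefix must be a /64")
    if not 0 <= interface_id < (1 << 64):
        raise ValueError("interface ID must be a 64-bit value")
    return ipaddress.IPv6Address(int(prefix.network_address) | interface_id)


def interface_id_of(addr: ipaddress.IPv6Address) -> int:
    """Low 64 bits of an IPv6 address; readable by anyone who sees the address."""
    return int(addr) & ((1 << 64) - 1)


def solicited_node_multicast(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Address:
    """RFC 4291 solicited-node group: ff02::1:ff00:0/104 plus the low 24 bits."""
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | (int(addr) & 0xFFFFFF))


def dad_solicitation(tentative: ipaddress.IPv6Address) -> dict:
    """Fields of the DAD Neighbor Solicitation as described in the text."""
    return {
        "src": ipaddress.IPv6Address("::"),          # unspecified source address
        "dst": solicited_node_multicast(tentative),  # solicited-node multicast
        "target": tentative,                         # address being tested
    }


def dad_passes(tentative: ipaddress.IPv6Address, na_targets: list[str]) -> bool:
    """The address is unique only if no Neighbor Advertisement names it as target."""
    return all(ipaddress.IPv6Address(t) != tentative for t in na_targets)


def demo() -> dict:
    manufacturer, product = split_snid(EMBODIMENT_SNID)
    local_temp = make_address(LINK_LOCAL, EMBODIMENT_SNID)
    ns = dad_solicitation(local_temp)
    # Using the SNID directly as the interface ID of a global address exposes it:
    exposed = make_address(SAMPLE_GLOBAL_PREFIX, EMBODIMENT_SNID)
    return {
        "manufacturer": f"{manufacturer:06X}",
        "product": f"{product:010X}",
        "local_temp": str(local_temp),
        "ns_dst": str(ns["dst"]),
        "ns_src": str(ns["src"]),
        "recovered_snid": f"{interface_id_of(exposed):016X}",
        # Constructed NA targets: an unrelated neighbour, then a colliding one.
        "unique_when_quiet": dad_passes(local_temp, ["fe80::1"]),
        "unique_when_claimed": dad_passes(local_temp, ["FE80::1016:99FE:1021:807F"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```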
Once the local temporary identity address is configured on the sensing node interface and the interface is started, Router Advertisements (RA) are periodically sent to the all-nodes multicast address, and the sensing node actively sends a Router Solicitation (RS) to acquire the network prefix NP in the RA.
The NP and the SNID are combined to generate a 128-bit temporary identity address, which the sensing node must sign. The signing process is as follows: a random number is input to pad the temporary identity address, and the built-in manufacturer private key SK_Manufacturer is then applied to the padded data with a specified encryption algorithm E, generating an m-bit (m > 64) ciphertext. The ciphertext is combined with the node's own 64-bit identity SNID, and a fixed-length 64-bit NP-SNID is generated by a specified compression algorithm Z. Finally, the link local prefix FE80::/64 is combined with the 64-bit NP-SNID carrying the sensing node identity information to obtain a tentative link local address.
The tentative link local address must again be checked for uniqueness by DAD. If it is not unique, the operation that generates the NP-SNID is reset: the random number input during signing is changed, a different ciphertext is generated, and a new NP-SNID is obtained through the compression operation, yielding a new tentative link local address. Detection is repeated until the address is not duplicated on the local link, at which point the NP-SNID is used as the interface ID of the sensing node.
The tentative link local address that passes the DAD uniqueness check replaces the local temporary identity address FE80::1016:99FE:1021:807F previously assigned to the node and becomes the link local address of the sensing node for communication within the local link.
After the link local address is successfully configured, the sensing node combines the network prefix carried in the RA with the 64-bit NP-SNID to generate its IPv6 global address. FIG. 6 shows the process of generating the IPv6 global address code of the sensing node, and FIG. 7 describes the stateless autoconfiguration flow of the IPv6 link local address and global address described above: the sensing node sends a Router Solicitation to acquire the network prefix NP in the Router Advertisement message; the sensing node combines the network prefix NP with the identity SNID to form a 128-bit temporary identity address; the sensing node signs the temporary identity address by inputting a random number for padding and then performing an encryption operation with the manufacturer's private key, which is built into the sensing node and cannot be obtained by others; the signed temporary identity address ciphertext and the sensing node identity SNID are compressed to generate a 64-bit NP-SNID serving as the sensing node interface ID; the sensing node combines the link local prefix with the NP-SNID to generate a tentative link local address, and DAD is used to judge whether it is unique on the local link; if not, the input random number used in the signature is replaced and the temporary identity address of the sensing node is signed again; if so, the tentative link local address is assigned to the sensing node interface as the link local address, the NP-SNID becomes the formal interface ID of the sensing node equipment for formal communication, and the network prefix carried in the RA is combined with the NP-SNID to generate the IPv6 global address of the sensing node.
In this embodiment, when the communication party exchanges information with the sensing node, it can obtain the sensing node's IPv6 global address, extract the last 64 bits of the global address as the interface ID, and obtain the SNID of the sensing node and the signed temporary identity address ciphertext through the decompression operation U. When the communication party needs to verify the authenticity of the sensing node identity, it can query the identification management mechanism with the node's OID identifier to obtain the public key PK_Manufacturer published by the manufacturer, and then perform the signature verification operation D on the signed temporary identity address ciphertext; if the resulting message contains the correct network prefix information and the SNID of the sensing node, the authenticity of the sensing node identity is proved. The process of parsing the IPv6 global address of the sensing node to obtain its identity and of verifying that identity is shown in FIG. 8, and the operation flow is shown in FIG. 9: the communication party obtains the IPv6 global address of the sensing node and divides it into the leading 64-bit network prefix and the trailing 64-bit interface ID; the communication party decrypts the trailing 64-bit interface ID by using the private key of the identification management mechanism to obtain the identity of the sensing node; the compressed text C alpha (NP-SNID) is decompressed to obtain the sensing node identity SNID and the temporary identity address signature code; the communication party performs the signature verification operation on the signature code with the manufacturer's public key to obtain 128-bit data; and it judges whether the 128-bit data comprises the correct network prefix and the SNID of the sensing node. If so, the sensing node identity is judged to be genuine; if not, the sensing node identity information is judged to be forged.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: ROM, RAM, magnetic or optical disks, and the like.
The embodiments above further illustrate the objects, technical solutions and advantages of the present invention. It should be understood that they are only preferred embodiments of the present invention and should not be construed as limiting it; any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (5)

1. A sensing node IPv6 address allocation method based on trusted identity identification, characterized in that the method comprises the following steps:
S1, determining 64-bit sensing node identity identification information based on an identification system, taking the 64-bit sensing node identity identification information as a temporary interface ID of the sensing node, adopting an improved stateless address automatic configuration mode, combining a 64-bit link local prefix with the 64-bit temporary interface ID as a local temporary identity identification address, carrying out duplicate address detection on the local temporary identity identification address, and using the local temporary identity identification address for network access after it passes the detection;
S2, the sensing node sends a router request message to the all-routers multicast address, combines the 64-bit network prefix in the routing advertisement message RA acquired after network access with the 64-bit sensing node identity information to form a temporary identity address, and obtains a ciphertext through a signature operation;
S3, combining the ciphertext produced by the signature operation in S2 with the identity identification information of the sensing node, compressing the result into a fixed 64-bit message through a specified compression algorithm, attaching the message to a link local prefix to form a temporary link local address, performing duplicate address detection, and taking the 64-bit message obtained by compression as the interface ID of the sensing node after the detection is passed;
S4, combining the sensing node interface ID with a 64-bit link local prefix to configure an IPv6 link local address, and combining the sensing node interface ID with the 64-bit network prefix to configure an IPv6 global address;
S5, the communication party of the sensing node decompresses the sensing node interface ID in the IPv6 address, determines the identity identification information of the corresponding sensing node, and verifies the signature, thereby judging the authenticity of the identity identification information of the sensing node.
2. The sensing node IPv6 address allocation method based on trusted identity as claimed in claim 1, wherein the signature operation is an encryption process that uses the private key of the manufacturer of the sensing node device for encryption; a random number is input as a padding character during the signature operation, and different input random numbers determine different signature ciphertexts, thereby satisfying the randomness of the ciphertext; the signature verification process is a decryption process that uses the manufacturer's public key for decryption.
3. The sensing node IPv6 address allocation method based on trusted identity according to claim 1, wherein the duplicate address detection in step S1 includes configuring a local temporary identity address for the sensing node if a local temporary identity address collision is detected, otherwise the sensing node interface is unavailable.
4. The sensing node IPv6 address allocation method based on trusted identity according to claim 1, wherein the duplicate address detection in step S3 includes: if the sensing node interface does not receive a legal Neighbor Advertisement (NA) message, this proves that the prefix sensing node ID information address is unique on the local link, and the address is allocated to the node as the link local address; if a legal neighbor advertisement NA message is received, the address is not unique on the local link, steps S2 and S3 are repeated with a different input random number for the signature operation to obtain a new temporary link local address, and duplicate address detection continues until the address passes.
5. The sensing node IPv6 address allocation method according to claim 1, wherein step S4 includes, after the IPv6 link local address is successfully configured, replacing the link local prefix with the 64-bit network prefix in the RA message to generate a global address, which is allocated to the sensing node for global network communication.
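The verification flow in the description (split the address, decompress the interface ID, verify the signature, compare prefix and SNID), together with the signature operation of claim 2, as an added example that is not code from the patent. Assumptions: a constructed toy RSA key stands in for the manufacturer's key pair, the random padding sits above the 128-bit data, and because the page does not specify the compression algorithm, decompression is a hypothetical hook backed here by a constructed lookup table; all function names are illustrative.

```python
import ipaddress
import secrets

# Constructed toy RSA key standing in for the manufacturer's key pair. The primes
# are the Mersenne primes 2^61-1 and 2^89-1: trivially factorable, demo only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # manufacturer's private exponent
MASK64, MASK128 = (1 << 64) - 1, (1 << 128) - 1


def sign_temp_address(prefix64, snid64):
    """Claim 2: encrypt NP||SNID with the private key, a random number as padding."""
    data = (prefix64 << 64) | snid64
    pad = secrets.randbits(20)             # assumed layout: padding above bit 127
    return pow((pad << 128) | data, D, N)  # a new pad gives a new ciphertext


def split_address(addr):
    """Front 64-bit network prefix and rear 64-bit interface ID of an address."""
    value = int(ipaddress.IPv6Address(addr))
    return value >> 64, value & MASK64


def verify_identity(addr, decompress, pub=(N, E)):
    """Split, decompress, verify the signature, compare prefix and SNID."""
    prefix64, iid = split_address(addr)
    try:
        snid, signature = decompress(iid)  # hypothetical hook, see lead-in
    except KeyError:
        return False                       # interface ID maps to no known node
    n, e = pub
    recovered = pow(signature, e, n) & MASK128   # strip padding, keep 128 bits
    return recovered == ((prefix64 << 64) | snid)


# Constructed sample values (documentation prefix, made-up SNID and interface ID).
PREFIX = int(ipaddress.IPv6Address("2001:db8:1:2::")) >> 64
SNID, IID = 0x0102030405060708, 0x1A2B3C4D5E6F7081
TABLE = {IID: (SNID, sign_temp_address(PREFIX, SNID))}
GENUINE = str(ipaddress.IPv6Address((PREFIX << 64) | IID))

if __name__ == "__main__":
    print(GENUINE, verify_identity(GENUINE, TABLE.__getitem__))
    # Same interface ID replayed under a different prefix fails the comparison.
    print(verify_identity("2001:db8:ffff:2:1a2b:3c4d:5e6f:7081", TABLE.__getitem__))
```

Because the signed data covers the network prefix as well as the SNID, an interface ID copied onto another subnet no longer matches the recovered 128-bit value.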

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910077755.4A CN109688243B (en) 2019-01-28 2019-01-28 Sensing node IPv6 address allocation method based on trusted identity

Publications (2)

Publication Number Publication Date
CN109688243A CN109688243A (en) 2019-04-26
CN109688243B true CN109688243B (en) 2021-07-06

Family

ID=66194885

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910077755.4A Active CN109688243B (en) 2019-01-28 2019-01-28 Sensing node IPv6 address allocation method based on trusted identity

Country Status (1)

Country Link
CN (1) CN109688243B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110113264B (en) * 2019-05-14 2021-06-22 常熟理工学院 Method for realizing cache and route of named data network
CN111031495B (en) * 2020-01-06 2021-07-30 南通大学 Multicast communication system and method for 6LowPAN Internet of things communication network
CN112036909A (en) * 2020-08-25 2020-12-04 重庆邮电大学 Product information tracing system and method based on IPv6 virtual connection
CN113811019B (en) * 2021-10-29 2023-10-31 全球能源互联网研究院有限公司 Terminal identity and IPv6 address mapping method and device
CN116032889B (en) * 2023-03-30 2023-07-21 新华三技术有限公司 IP address allocation method and device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859444A (en) * 2006-03-03 2006-11-08 华为技术有限公司 Automatic configurating method for host address in IPV6 network
CN101162999A (en) * 2006-10-15 2008-04-16 柏建敏 Method of authenticating identification based common key cryptosystem and encryption address in network
CN101707763A (en) * 2009-12-03 2010-05-12 王晓喃 Method for achieving automatic configuration of IPv6 addresses for wireless sensor network
CN101710906A (en) * 2009-12-18 2010-05-19 工业和信息化部电信传输研究所 IPv6 address structure and method and device for allocating and tracing same
CN102067570A (en) * 2008-06-24 2011-05-18 高通股份有限公司 Method and apparatus for ensuring IPv6 uniqueness in a mobile subnetted environment
CN102801821A (en) * 2012-08-10 2012-11-28 中国联合网络通信集团有限公司 Address generation and analysis method, user equipment and network node
CN102868778A (en) * 2012-09-19 2013-01-09 中国联合网络通信集团有限公司 IPv6 (Internet Protocol version 6) address generating method and device
CN103297563A (en) * 2013-06-14 2013-09-11 南京邮电大学 Method for preventing duplicated address detection attack on basis of identity authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10097525B2 (en) * 2016-03-08 2018-10-09 Qualcomm Incorporated System, apparatus and method for generating dynamic IPV6 addresses for secure authentication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Address Structure for supporting Ubiquitous; Gyu Myoung Lee; 《2008 10th International Conference on Advanced Communication Technology》; 20080131; 17-20 *
Design of a 6LoWPAN-based wireless sensor network; Gong Chengying; 《Radio Engineering》; 20180702; 531-535 *

Also Published As

Publication number Publication date
CN109688243A (en) 2019-04-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant